Debian Weekly News - December 19th, 2001

Archive.debian.org is Back. The server that holds old
Debian releases, aliased to archive.debian.org, has been resurrected
after it was offline for several months due to hardware problems. The machine
now runs with a nice new 144 GB RAID and a new host, the Computer Science
Department at the University of
Minnesota and is now administered by Scott Dier. However, sad news: One of the
new disks began to fail recently.

Hurd H2 CD Images. The Hurd team informed us about new Hurd CD Images. Snapshot
images are produced at a four to eight week interval and the H2 images are
the tenth of the series. The Hurd has grown from one CD image in August 2000
(A1) to four images in December 2001 (H2). These images are a snapshots of a
developing operating system, so suitable precautions must be taken when making an
installation. Similar as with other architectures, most important programs reside
on CD 1, while the other ones contain less important packages.

On Fixing Security Critical Bugs. Javier
Fernández-Sanguino Peña made some analysis regarding vulnerabilities detected and posted to the Bugtraq list and
those sent as Debian Security
Advisories (DSAs). His analysis reveal that for the last year it has
taken Debian an average of 35 days to fix security-related vulnerabilities.
However, over 50% of the vulnerabilities where fixed in a 10-days time frame,
and over 15% of them where fixed the same day the advisory was released!

More On Acronyms. We received some feedback about the item
covering acronyms in our last
issue. It was pointed out that several acronyms are already explained through
using the dict program or one of it's graphical frontends (like
kdict or wordinspect). In case you haven't heard
about dict yet, it is the client that queries the dictd server. The DICT
Development Group maintains several public servers which can be accessed from
any machine connected to the Internet. Another interesting resource is the List of
three-letter abbreviations.

New Mailing Lists. The listmaster team created
three new lists: debian-qa-packages,
which is used by the QA Team to handle bug reports against orphaned packages,
debian-ssh, which will be
used for Debian ssh packages maintenance and coordination and debian-apache, which will be
used for maintenance and coordination of packages for the Apache webserver and
related packages.

The Good, The Bad And The Ugly. Gergely Nagy posted a big
rant
about packaging software for Debian too quick and not paying enough attention
at packaging. He is worried, because packages whose maintainer don't pay at
least a little attention to packaging, do not reflect the image he had about
Debian. Face it, Debian is known for its quality. This is something we can
lose.

Porting Kaffe. John R. Daily was doing some work to ensure
kaffe's availability on the IA-64 port. He sent this report
on issues that are holding back Kaffe on some platforms. buildd.debian.org
reports that the latest package does not build on mips, mipsel, hppa, and
sparc. The report covers detailed problem reports for each architecture.

Security Stuff. We've got two new security advisories this
week. As usual, if your system is affected, be sure to get the updated
packages right away.